astro-v6-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's content-collections.md explicitly shows remote loaders that fetch third-party data (e.g., fetch('https://api.example.com/products')) and behavior-changes.md shows createSchema calling getSchemaFromApi(), meaning the agent is instructed to ingest and act on arbitrary external API content that could influence its behavior.